Enable SR-IOV on ESXi

Single root I/O virtualization (SR-IOV) allows a single PCIe physical device under a single root port to appear to be multiple separate physical devices to the hypervisor or guest. Enable SR-IOV by enabling virtual function devices on the SR-IOV NIC and the modify the guest settings in vCenter.
SR-IOV on the VM-Series for ESXi requires one of the Intel NIC drivers mentioned in PacketMMAP Driver Versions. See the Compatibility Matrix for SR-IOV and DPDK driver support by PAN-OS version.
There are two ways to enable SR-IOV on ESXi.
  • SR-IOV passthrough
    —In this method you enable virtual function devices on the SR-IOV NIC and modify the guest settings in vCenter, adding the SR-IOV VF interface as adaptor type “SR-IOV passthrough”. Refer to Assign a Virtual Function as SR-IOV Passthrough Adapter to a Virtual Machine.
    This method, which is preferred for PAN-OS 8.1.2 and later, allows you to add the SR-IOV PF to a vSwitch or DvSwitch.
  • PCI Adaptor
    —This method was required for PAN-OS 8.0 through 8.1.1. You can view the PCI Adaptor workflow in Enable SR-IOV on ESXi in the 8.1 Deployment Guide.
    The PCI Adaptor method has the limitation that you cannot configure a vSwitch on the physical port on which you enable SR-IOV. The VM-Series firewall must have exclusive access to the physical port and associated virtual functions (VFs) on that interface so it can communicate with the host or other virtual machines on the network. Refer to Add a PCI Device in the vSphere Web Client.

